Threats in Network
Main aims of threats are to compromise confidentiality, integrity applied against data,
1. Anonymity
3. Sharing
4. Complexity Of System
Threat Precursors:
1. Port scan
2. Social Engineering
3. Reconnaissance
6. Availability of Documentation
The term eavesdrop implies overhearing without expending any extra effort. For example, we
can say that an attacker is eavesdropping by monitoring all traffic passing through a node.
The more hostile term is wiretap, which means intercepting communication through some
effort.
1. Cable
2. Microwave
3. Satellite Communication
4. Optical Fiber
5. Wireless
From a security standpoint, we should assume that all communication links between network
nodes can be broken. For this reason, commercial network users employ encryption to
Protocol Flaws:
Each protocol is identified by its Request for Comments (RFC) number. In TCP, the client's
sequence number increments regularly, so it can be easily guessed, and it will also be
Impersonation:
In many instances, there is an easier way than wiretapping for obtaining information on a
Spoofing:
node, a device) permits an attacker to create a full communication under the entity’s identity.
An attacker can easily violate message confidentiality (and perhaps integrity) because of the
confidentiality or integrity failure. Here we consider several other vulnerabilities that can
affect confidentiality.
1. Misdelivery
2. Exposure
confidentiality. In fact for some situations, such as passing authentication data, the integrity
Falsification of messages
Noise
One of the most widely known attacks is the web site defacement attack. Because of the large
number of sites that have been defaced and the visibility of the result, the attacks are often
reported in the popular press. A defacement is common not only because of its visibility but
The website vulnerabilities enable attacks known as buffer overflows, dotdot problems,
application code errors, and server side include problems.
Denial of Service:
Availability attacks, sometimes called denial-of-service or DOS attacks, are much more
significant in networks than in other contexts. There are many accidental and malicious
threats to availability or continued service.
1) Transmission Failure
2) Connection Flooding
3) Echo-Chargen
4) Ping of Death
5) Smurf
6) Syn Flood
7) Teardrop
8) Traffic Redirection
9) DNS Attacks
Active code or mobile code is a general name for code that is pushed to the client for
execution. Why should the web server waste its precious cycles and bandwidth doing simple
work that the client's workstation can do? For example, suppose you want your web site to
have bears dancing across the top of the page. To download the dancing bears, you could
download a new image for each movement the bears take: one bit forward, two bits forward,
and so forth. However, this approach uses far too much server time and bandwidth to
compute the positions and download new images. A more efficient use of (server) resources
is to download a program that runs on the client's machine and implements the movement of
the bears.
The list of security attacks is long, and the news media carry frequent accounts of serious
security incidents.
Architecture:
As with so many of the areas we have studied, planning can be the strongest control. In
particular, when we build or modify computer-based systems, we can give some thought to
their overall architecture and plan to "build in" security as one of the key constructs.
Similarly, the architecture or design of a network can have a significant effect on its security.
The main areas to cover are
Segmentation
Redundancy
Single point of failure
Mobile agents
Encryption:
Encryption is powerful for providing privacy, authenticity, integrity, and limited access to data.
Because networks often involve even greater risks, they often secure data with encryption,
perhaps in combination with other controls. There are two types of encryption scheme:
Link encryption (data are encrypted just before the system places them on the physical
communications link)
End-to-end encryption (provides security from one end of a transmission to the other)
Content Integrity:
Content integrity comes as a bonus with cryptography. No one can change encrypted data in a
meaningful way without breaking the encryption. This does not say, however, that encrypted
data cannot be modified. Changing even one bit of an encrypted data stream affects the result
after decryption, often in a way that seriously alters the resulting plaintext. We need to
consider three potential threats:
Encryption addresses the first of these threats very effectively. To address the others, we can
use other controls.
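The paragraph's point that a modified ciphertext still decrypts, only to altered plaintext, and that modification therefore has to be caught by a separate control, as an added example that is not from the original text. The keystream cipher below is a constructed stand-in (SHA-256 over key, nonce and a counter), not a real cipher, and the keys, nonce and message are made up for the demonstration; the added integrity control is an HMAC computed over the ciphertext (encrypt-then-MAC), which is the kind of "other control" the text refers to.

```python
import hashlib
import hmac

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Constructed stand-in for a stream cipher: block i = SHA-256(key || nonce || i).
    # For illustration only; it is not a real cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def toy_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # XOR with the keystream; the same operation decrypts.
    return bytes(b ^ k for b, k in zip(data, _keystream(key, nonce, len(data))))


toy_decrypt = toy_encrypt


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the HMAC tag covers the nonce and the ciphertext."""
    ct = toy_encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, message: bytes):
    """Verify the tag before decrypting; return None if the message was modified."""
    if len(message) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return toy_decrypt(enc_key, nonce, ct)


def flip_bit(data: bytes, index: int, bit: int) -> bytes:
    out = bytearray(data)
    out[index] ^= 1 << bit
    return bytes(out)


def demo() -> dict:
    # Fixed, made-up keys and nonce so the run is repeatable.
    enc_key, mac_key, nonce = b"E" * 32, b"M" * 32, b"\x00" * NONCE_LEN
    msg = b"TRANSFER 100 TO ACCOUNT 4242"
    sealed = seal(enc_key, mac_key, nonce, msg)
    ct = sealed[NONCE_LEN:-TAG_LEN]

    # Flip the low bit of ciphertext byte 9 (the '1' in "100").
    tampered_ct = flip_bit(ct, 9, 0)

    # Encryption alone: the modified ciphertext decrypts to a changed, plausible plaintext.
    without_mac = toy_decrypt(enc_key, nonce, tampered_ct)

    # Encryption plus MAC: the same modification is rejected before any plaintext is released.
    with_mac = open_sealed(enc_key, mac_key, nonce + tampered_ct + sealed[-TAG_LEN:])

    return {"roundtrip": open_sealed(enc_key, mac_key, sealed),
            "tampered_without_mac": without_mac,
            "tampered_with_mac": with_mac}


if __name__ == "__main__":
    print(demo())
```

With a keystream cipher the one-bit change lands on exactly one plaintext bit, so the altered message is still well formed; the receiver that checks the tag first never sees it.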
Strong Authentication:
In the network case, however, authentication may be more difficult to achieve securely because
of the possibility of eavesdropping and wiretapping, which are less common in non-networked
environments. Also, both ends of a communication may need to be authenticated to each
other.
Access Controls:
Authentication deals with the who of security policy enforcement; access controls enforce the
what and how.
ACLs on Routers
Routers perform the major task of directing network traffic either to sub-networks they control
or to other routers for subsequent delivery to other sub-networks.
Routers convert external IP addresses into internal MAC addresses of hosts on a local sub-network.
Suppose a host is being spammed (flooded) with packets from a malicious rogue host.
Routers can be configured with access control lists to deny access to particular destination
hosts from particular source hosts.
So, a router could delete all packets with a source address of the rogue host and a destination
address of the target host.
The logical view of network protection looks like the figure below, in which both a router and a
firewall provide layers of protection for the internal network. Now let us add one more layer to
this defense.
A honey pot has no special features. It is just a computer system or a network segment, loaded
with servers and devices and data. It may be protected with a firewall, although you want the
attackers to have some access. There may be some monitoring capability, done carefully so that
the monitoring is not evident to the attacker.
To watch what attackers do, in order to learn about new attacks (so that you can
strengthen your defenses against these new attacks)
To lure an attacker to a place in which you may be able to learn enough to identify and
stop the attacker
To provide an attractive but diversionary playground, hoping that the attacker will leave
your real system alone
Firewalls
Firewalls were officially invented in the early 1990s, but the concept really reflects the
What is a Firewall?
A firewall is a device that filters all traffic between a protected or "inside" network and a less
a single point through which traffic is channeled, performance is important, which means
non-firewall functions should not be done on the same machine. Because a firewall is
executable code, an attacker could compromise that code and execute from the firewall's
device. Thus, the fewer pieces of code on the device, the fewer tools the attacker would have
minimized operating system. The purpose of a firewall is to keep "bad" things outside a
specifically designed to address what bad things might happen. For example, the policy might
be to prevent any access from outside (while still allowing traffic to pass from the inside to
the outside). Alternatively, the policy might permit accesses only from certain places, from
certain users, or for certain activities. Part of the challenge of protecting a network with a
firewall is determining which security policy meets the needs of the installation.
Design of Firewalls:
Always invoked
Tamperproof
Small and simple enough for rigorous analysis
network, we can ensure that all network accesses that we want to control must pass through
Usually a firewall is implemented on a separate computer, with direct connections only to the
outside and inside networks. This isolation is expected to meet the "tamperproof" requirement.
And firewall designers strongly recommend keeping the functionality of the firewall simple.
Types of Firewalls:
A packet filtering gateway or screening router is the simplest, and in some situations, the
most effective type of firewall. A packet filtering gateway controls access to packets on the
basis of packet address (source or destination) or specific transport protocol type (such as
HTTP web traffic). As described earlier in this chapter, putting ACLs on routers may
severely impede their performance. But a separate firewall behind (on the local side of) the
router can screen traffic before it gets to the protected network. Figure 7-34 shows a packet
filter that blocks access from (or to) addresses in one network; the filter allows HTTP traffic
Filtering firewalls work on packets one at a time, accepting or rejecting each packet and
moving on to the next. They have no concept of "state" or "context" from one packet to the
next. A stateful inspection firewall maintains state information from one packet to another in
One classic approach used by attackers is to break an attack into multiple packets by
forcing some packets to have very short lengths so that a firewall cannot detect the signature
of an attack split across two or more packets. (Remember that with the TCP protocols,
packets can arrive in any order, and the protocol suite is responsible for reassembling the
packet stream in proper order before passing it along to the application.) A stateful inspection
firewall would track the sequence of packets and conditions from one packet to another to
Application Proxy
Packet filters look only at the headers of packets, not at the data inside the packets. Therefore,
a packet filter would pass anything to port 25, assuming its screening rules allow inbound
connections to that port. But applications are complex and sometimes contain errors. Worse,
applications (such as the e-mail delivery agent) often act on behalf of all users, so they
require privileges of all users (for example, to store incoming mail messages so that inside
users can read them). A flawed application, running with all users' privileges, can cause much
damage. An application proxy gateway, also called a bastion host, is a firewall that simulates
the (proper) effects of an application so that the application receives only requests to act
properly. A proxy gateway is a two-headed device: It looks to the inside as if it is the outside
(destination) connection, while to the outside it responds just as the insider would.
mail is transferred to a location, a sending process at one site and a receiving process at the
destination communicate by a protocol that establishes the legitimacy of a mail transfer and
then actually transfers the mail message. The protocol between sender and destination is
carefully defined. A proxy gateway essentially intrudes in the middle of this protocol
exchange, seeming like a destination in communication with the sender that is outside the
firewall, and seeming like the sender in communication with the real destination on the
inside. The proxy in the middle has the opportunity to screen the mail transfer, ensuring that
Guard:
A guard is a sophisticated firewall. Like a proxy firewall, it receives protocol data units,
interprets them, and passes through the same or different protocol data units that achieve
either the same result or a modified result. The guard decides what services to perform on the
user's behalf in accordance with its available knowledge, such as whatever it can reliably
know of the (outside) user's identity, previous interactions, and so forth. The degree of
control a guard can provide is limited only by what is computable. But guards and proxy
firewalls are similar enough that the distinction between them is sometimes fuzzy. That is, we
can add functionality to a proxy firewall until it starts to look a lot like a guard.
Personal Firewalls:
traffic, usually from the network. A personal firewall can complement the work of a
conventional firewall by screening the kind of data a single host will accept, or it can
compensate for the lack of a regular firewall, as in a private DSL or cable modem connection.
The personal firewall is configured to enforce some policy. For example, the user
may decide that certain sites, such as computers on the company network, are highly
trustworthy, but most other sites are not. The user defines a policy permitting download of
code, unrestricted data sharing, and management access from the corporate segment, but not
from other sites. Personal firewalls can also generate logs of accesses, which can be useful to
clever attacker is likely to attempt an undetected attack that would disable or reconfigure the
firewall for the future. Still, especially for cable modem, DSL, and other "always on"
connections, the static workstation is a visible and vulnerable target for an ever-present attack
community. A personal firewall can provide reasonable protection to clients that are not
Type: There are several types of firewalls, including circuit-level gateways, stateful
inspection firewalls, and packet filtering firewalls.
Security level: How well the firewall protects against security threats
An intrusion detection system (IDS) is a device, typically another separate computer, that
monitors activity to identify malicious or suspicious events. An IDS is a sensor, like a smoke
detector, that raises an alarm if specific things occur. A model of an IDS is shown in below
figure. The components in the figure are the four basic elements of an intrusion detection
system, based on the Common Intrusion Detection Framework of [STA96]. An IDS receives
raw inputs from sensors. It saves those inputs, analyzes them, and takes some controlling
action.
Types of IDSs
The two general types of intrusion detection systems are signature based and heuristic.
situations that match a pattern corresponding to a known attack type. Heuristic intrusion
detection systems, also known as anomaly based, build a model of acceptable behavior and
flag exceptions to that model; for the future, the administrator can mark a flagged behavior as
acceptable so that the heuristic IDS will now treat that previously unclassified behavior as
acceptable.
IDS is a stand-alone device attached to the network to monitor traffic throughout that
network; a host-based IDS runs on a single workstation or client or host, to protect that one
host.
A simple signature for a known attack type might describe a series of TCP SYN packets sent
to many different ports in succession and at times close to one another, as would be the case
for a port scan. An intrusion detection system would probably find nothing unusual in the
first SYN, say, to port 80, and then another (from the same source address) to port 25. But as
more and more ports receive SYN packets, especially ports that are not open, this pattern
reflects a possible port scan. Similarly, some implementations of the protocol stack fail if
they receive an ICMP packet with a data length of 65535 bytes, so such a packet would be a
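The two signatures this paragraph describes, a burst of SYNs from one source to many ports and an ICMP packet with a 65535-byte data length, as an added example that is not from the original text. The threshold of five distinct ports within a two-second window is an assumption chosen for the demonstration, and the packet records are constructed; the signature match itself is the logic a network-based IDS would apply to captured headers.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float          # arrival time in seconds
    src: str
    dst: str
    proto: str         # "TCP" or "ICMP"
    dport: int = 0     # TCP destination port
    flags: str = ""    # TCP flags: "S" = SYN, "SA" = SYN/ACK
    length: int = 0    # ICMP data length in bytes


# Signature parameters (assumed values for this example).
SCAN_MIN_PORTS = 5       # distinct ports hit by one source within the window
SCAN_WINDOW = 2.0        # seconds
OVERSIZED_ICMP = 65535   # data length the text cites for the ping of death


def detect_port_scans(packets, min_ports=SCAN_MIN_PORTS, window=SCAN_WINDOW):
    """Flag a source that sends SYNs to many distinct ports on one host within a short window."""
    alerts, reported = [], set()
    recent = defaultdict(list)                      # (src, dst) -> [(ts, dport), ...]
    for p in sorted(packets, key=lambda p: p.ts):
        if p.proto != "TCP" or p.flags != "S":      # only connection attempts, not SYN/ACK replies
            continue
        key = (p.src, p.dst)
        # Keep only SYNs inside the sliding window, then add this one.
        recent[key] = [(t, d) for t, d in recent[key] if p.ts - t <= window] + [(p.ts, p.dport)]
        ports = sorted({d for _, d in recent[key]})
        if len(ports) >= min_ports and key not in reported:
            reported.add(key)
            alerts.append(("PORT_SCAN", p.src, p.dst, ports))
    return alerts


def detect_oversized_icmp(packets, limit=OVERSIZED_ICMP):
    """Flag ICMP packets whose data length reaches the size some stacks cannot handle."""
    return [("OVERSIZED_ICMP", p.src, p.dst, p.length)
            for p in packets if p.proto == "ICMP" and p.length >= limit]


def analyze(packets):
    return detect_port_scans(packets) + detect_oversized_icmp(packets)


# Constructed sample traffic: a normal client, a scanning source, and one oversized ICMP packet.
SAMPLE = [
    Packet(0.0, "10.0.0.5", "10.0.0.20", "TCP", 80, "S"),
    Packet(0.1, "10.0.0.20", "10.0.0.5", "TCP", 34567, "SA"),
    Packet(5.0, "10.0.0.5", "10.0.0.20", "TCP", 25, "S"),
    Packet(10.0, "203.0.113.7", "10.0.0.20", "TCP", 21, "S"),
    Packet(10.2, "203.0.113.7", "10.0.0.20", "TCP", 22, "S"),
    Packet(10.4, "203.0.113.7", "10.0.0.20", "TCP", 23, "S"),
    Packet(10.6, "203.0.113.7", "10.0.0.20", "TCP", 25, "S"),
    Packet(10.8, "203.0.113.7", "10.0.0.20", "TCP", 80, "S"),
    Packet(20.0, "203.0.113.9", "10.0.0.20", "ICMP", length=65535),
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```

The first client's two SYNs (to port 80, then to port 25 five seconds later) never reach the threshold, which is the "nothing unusual in the first SYN" behaviour the paragraph describes; the second source crosses it on its fifth distinct port.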
Because signatures are limited to specific, known attack patterns, another form of intrusion
detection becomes useful. Instead of looking for matches, heuristic intrusion detection looks
for behavior that is out of the ordinary. The original work in this area focused on the
individual, trying to find characteristics of that person that might be helpful in understanding
normal and abnormal behavior. For example, one user might always start the day by reading
e-mail, write many documents using a word processor, and occasionally back up files. These
actions would be normal. This user does not seem to use many administrator utilities. If that
person tried to access sensitive system management utilities, this new behavior might be a
clue that someone else was acting under the user's identity.
Inference engines work in two ways. Some, called state-based intrusion detection
systems, see the system going through changes of overall state or configuration. They try to
detect when the system has veered into unsafe modes. Others try to map current activity onto
a model of unacceptable activity and raise an alarm when the activity resembles the model.
These are called model-based intrusion detection systems. This approach has been extended
accommodate variation and evolution in a person's actions over time. The technique
Alternatively, intrusion detection can work from a model of known bad activity.
For example, except for a few utilities (login, change password, create user), any other
attempt to access a password file is suspect. This form of intrusion detection is known as
misuse intrusion detection. In this work, the real activity is compared against a known
suspicious area.
Stealth Mode:
An IDS is a network device (or, in the case of a host-based IDS, a program running on a
network device). Any network device is potentially vulnerable to network attacks. How
useful would an IDS be if it itself were deluged with a denial-of-service attack? If an attacker
succeeded in logging in to a system within the protected network, wouldn't trying to disable
To counter those problems, most IDSs run in stealth mode, whereby an IDS has two
network interfaces: one for the network (or network segment) being monitored and the other
to generate alerts and perhaps other administrative needs. The IDS uses the monitored
interface as input only; it never sends packets out through that interface. Often, the interface
is configured so that the device has no published address through the monitored interface;
that is, a router cannot route anything to that address directly, because the router does not
know such a device exists. It is the perfect passive wiretap. If the IDS needs to generate an
alert, it uses only the alarm interface on a completely separate control network.
1. Responding to alarms:
Whatever the type, an intrusion detection system raises an alarm when it finds a match. The
alarm can range from something modest, such as writing a note in an audit log, to something
significant, such as paging the system security administrator. Particular implementations allow
the user to determine what action the system should take on what events.
In general, responses fall into three major categories (any or all of which can be used in a single
response):
Intrusion detection systems are not perfect, and mistakes are their biggest problem. Although
an IDS might detect an intruder correctly most of the time, it may stumble in two different
ways: by raising an alarm for something that is not really an attack (called a false positive, or
type I error in the statistical community) or not raising an alarm for a real attack (a false
negative, or type II error). Too many false positives means the administrator will be less
confident of the IDS's warnings, perhaps leading to a real alarm's being ignored. But false
negatives mean that real attacks are passing the IDS without action. We say that the degree of
false positives and false negatives represents the sensitivity of the system. Most IDS
On the upside, IDSs detect an ever-growing number of serious problems. And as we learn
more about problems, we can add their signatures to the IDS model. Thus, over time, IDSs
continue to improve. At the same time, they are becoming cheaper and easier to administer.
On the downside, avoiding an IDS is a first priority for successful attackers. An IDS that is
not well defended is useless. Fortunately, stealth mode IDSs are difficult even to find on an
internal network, let alone to compromise. IDSs look for known weaknesses, whether
through patterns of known attacks or models of normal behavior. Similar IDSs may have
identical vulnerabilities, and their selection criteria may miss similar attacks. Knowing how
to evade a particular model of IDS is an important piece of intelligence passed within the
products, they try to fix it. Fortunately, commercial IDSs are pretty good at identifying
attacks. Another IDS limitation is its sensitivity, which is difficult to measure and adjust.
IDSs will never be perfect, so finding the proper balance is critical.
In general, IDSs are excellent additions to a network's security. Firewalls block traffic to
particular ports or addresses; they also constrain certain protocols to limit their impact. But by
definition, firewalls have to allow some traffic to enter a protected area.
Watching what that traffic actually does inside the protected area is an IDS's job, which it does
quite well.
Secure Email:
We rely on e-mail's confidentiality and integrity for sensitive and important communications,
even though ordinary e-mail has almost no confidentiality or integrity. Here we investigate how
to add confidentiality and integrity protection to ordinary e-mail.
Sometimes we would like e-mail to be more secure. To define and implement a more secure
form, we begin by examining the exposures of ordinary e-mail.
Threats to E-mail
Designs:
One of the design goals for encrypted e-mail was allowing security-enhanced messages to
travel as ordinary messages through the existing Internet e-mail system. This requirement
ensures that the large existing e-mail network would not require change to accommodate
security. Thus, all protection occurs within the body of a message.
Confidentiality:
The encrypted e-mail standard works most easily as just described, using both symmetric and
asymmetric encryption. The standard is also defined for symmetric encryption only.
Encrypted e-mail provides strong end-to-end security for electronic mail. Triple DES, AES and
RSA cryptography are quite strong, especially if RSA is used with a long key (1024 bits or
more). The vulnerabilities remaining with encrypted e-mail come from the points not covered:
the endpoints. An attacker with access could subvert a sender's or receiver's machine,
modifying the code that does the privacy enhancements or arranging to leak a cryptographic
key.
EXERCISES
1. The FTP protocol is relatively easy to proxy; the firewall decides, for example,
whether an outsider should be able to access a particular directory in the file system
2. How would the content of the audit log differ for a screening router versus an
3. Cite a reason why an organization might want two or more firewalls on a single
network.
4. Firewalls are targets for penetrators. Why are there few compromises of firewalls?
5. Should a network administrator put a firewall in front of a honey pot? Why or why
not?
6. Can a firewall block attacks using server scripts, such as the attack in which the user
could change a price on an item offered by an e-commerce site? Why or why not?
7. Why does a stealth mode IDS need a separate network to communicate alarms and to
8. One form of IDS starts operation by generating an alert for every action. Over time,
the administrator adjusts the setting of the IDS so that common, benign activities do
not generate alarms. What are the advantages and disadvantages of this design for an
IDS?
9. Can encrypted e-mail provide verification to a sender that a recipient has read an email
message? Why or why not?
10. Can message confidentiality and message integrity protection be applied to the same
11. What are the advantages and disadvantages of an e-mail program that automatically
applies and removes protection to e-mail messages between sender and receiver?
In the world of computer networks, a firewall acts like a security guard. Its job is to watch over
the flow of information between your computer or network and the internet. It’s designed to
block unauthorized access while allowing safe data to pass through.
Essentially, a firewall helps keep your digital world safe from unwanted visitors and potential
threats, making it an essential part of today’s connected environment. It monitors both
incoming and outgoing traffic using a predefined set of security rules to detect and prevent threats.
What is Firewall?
A firewall is a network security device, either hardware or software-based, which monitors all
incoming and outgoing traffic and based on a defined set of security rules accepts, rejects, or
drops that specific traffic.
A firewall is a type of network security device that filters incoming and outgoing network traffic
with security policies that have previously been set up inside an organization. A firewall is
essentially the wall that separates a private internal network from the open Internet at its very
basic level.
Before firewalls, network security was performed by Access Control Lists (ACLs) residing on
routers. ACLs are rules that determine whether network access should be granted or denied to
specific IP addresses. But ACLs cannot determine the nature of the packets they are blocking, and an
ACL alone does not have the capacity to keep threats out of the network. Hence, the firewall was
introduced. Connectivity to the Internet is no longer optional for organizations. However, while
accessing the Internet provides benefits to the organization, it also enables the outside world to
interact with the internal network of the organization. This creates a threat to the organization.
In order to secure the internal network from unauthorized traffic, we need a firewall.
Working of Firewall
A firewall matches network traffic against the rule set defined in its table. Once a rule is
matched, the associated action is applied to the network traffic. For example, one rule might say that
no employee from the Human Resources department can access data on the code server, while
another rule says that a system administrator can access the data of
both the Human Resources and technical departments. Rules can be defined on the firewall based on
the needs and security policies of the organization. From the perspective of a server,
network traffic can be either outgoing or incoming.
The firewall maintains a distinct set of rules for each case. Outgoing traffic, which
originates from the server itself, is mostly allowed to pass. Still, setting rules on outgoing traffic is always
better, in order to achieve more security and prevent unwanted communication. Incoming
traffic is treated differently. Most traffic that reaches the firewall uses one of three
major transport layer protocols: TCP, UDP or ICMP. All these types have a source address and a
destination address. TCP and UDP also have port numbers. ICMP uses a type code instead of a port
number, which identifies the purpose of that packet.
Default policy: It is very difficult to explicitly cover every possible rule on the firewall. For this
reason, the firewall must always have a default policy. A default policy consists only of an action
(accept, reject or drop). Suppose no rule about SSH connections to the server is defined on the
firewall. Then it will follow the default policy. If the default policy on the firewall is set to accept,
any computer outside your office can establish an SSH connection to the server. Therefore,
setting the default policy to drop (or reject) is always a good practice.
Types of Firewall
Packet filtering firewall is used to control network access by monitoring outgoing and incoming
packets and allowing them to pass or stop based on source and destination IP address,
protocols, and ports. It analyses traffic at the transport protocol layer (but mainly uses first 3
layers). Packet filtering firewalls treat each packet in isolation. They have no ability to tell whether a
packet is part of an existing stream of traffic. They can only allow or deny packets based on
the individual packet's headers. A packet filtering firewall maintains a filtering table that decides whether
the packet will be forwarded or discarded. From the given filtering table, the packets will be
filtered according to the following rules:
Incoming packets from network 192.168.21.0 are blocked.
Incoming packets destined for the internal TELNET server (port 23) are blocked.
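The filtering table just described, together with the default-policy rule from the preceding paragraph and the router ACL case from earlier in the text (dropping everything from one rogue host to one target), as an added example that is not from the original text. The protected network 10.0.0.0/24, the web server 10.0.0.80, the rogue host 203.0.113.66 and the sample packets are all constructed for the demonstration; the two rules named on the page (block network 192.168.21.0, block the internal TELNET server on port 23) are carried over as written.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    direction: str                 # "in" (from outside) or "out" (from inside)
    proto: str                     # "TCP", "UDP" or "ICMP"
    src: str
    dst: str
    dport: Optional[int] = None    # TCP/UDP destination port
    icmp_type: Optional[int] = None


@dataclass
class Rule:
    action: str                          # "accept", "reject" or "drop"
    direction: Optional[str] = None      # None in any field means "match anything"
    proto: Optional[str] = None
    src: Optional[str] = None            # CIDR network
    dst: Optional[str] = None
    dport: Optional[int] = None
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        if self.direction is not None and self.direction != p.direction:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.src is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


class PacketFilter:
    """Stateless packet filter: each packet is judged on its own headers, the first
    matching rule wins, and a packet matching no rule gets the default policy."""

    def __init__(self, rules, default_policy="drop"):
        if default_policy not in ("accept", "reject", "drop"):
            raise ValueError("default policy must be accept, reject or drop")
        self.rules = list(rules)
        self.default_policy = default_policy
        self.log = []                               # (verdict, reason, packet) for auditing

    def filter(self, p: Packet) -> str:
        for rule in self.rules:
            if rule.matches(p):
                self.log.append((rule.action, rule.comment, p))
                return rule.action
        self.log.append((self.default_policy, "default policy", p))
        return self.default_policy


# Assumed layout: 10.0.0.0/24 is the protected network, 10.0.0.80 its public web server.
RULES = [
    Rule("drop", direction="in", src="192.168.21.0/24", comment="block network 192.168.21.0"),
    Rule("drop", direction="in", proto="TCP", dst="10.0.0.0/24", dport=23, comment="block internal TELNET server"),
    Rule("drop", src="203.0.113.66/32", dst="10.0.0.10/32", comment="rogue host flooding one target"),
    Rule("accept", direction="in", proto="TCP", dst="10.0.0.80/32", dport=80, comment="public web server"),
    Rule("accept", direction="out", comment="traffic originating inside"),
]

# Constructed sample packets; no rule mentions SSH (22) or ICMP, so those fall to the default.
SAMPLE = [
    Packet("in", "TCP", "192.168.21.5", "10.0.0.80", 80),
    Packet("in", "TCP", "198.51.100.3", "10.0.0.10", 23),
    Packet("in", "UDP", "203.0.113.66", "10.0.0.10", 53),
    Packet("in", "TCP", "198.51.100.3", "10.0.0.80", 80),
    Packet("in", "TCP", "198.51.100.3", "10.0.0.10", 22),
    Packet("in", "ICMP", "198.51.100.3", "10.0.0.10", icmp_type=8),
    Packet("out", "TCP", "10.0.0.10", "198.51.100.3", 443),
]


def run(default_policy="drop"):
    fw = PacketFilter(RULES, default_policy)
    return [fw.filter(p) for p in SAMPLE]


if __name__ == "__main__":
    print("default drop:  ", run("drop"))
    print("default accept:", run("accept"))
```

Running the same packets under the two default policies makes the page's SSH point concrete: the packet to port 22 matches no rule, so it is dropped under a default of drop and let through under a default of accept.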
Stateful firewalls (which perform stateful packet inspection) are able to determine the connection
state of a packet, unlike packet filtering firewalls, which makes them more efficient. A stateful firewall keeps track of
the state of network connections travelling across it, such as TCP streams. So the filtering
decisions are based not only on the defined rules, but also on the packet's history in the state
table.
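The stateful inspection described in this paragraph, and the earlier discussion of an attack split across several short packets that a per-packet filter cannot recognize, as an added example that is not from the original text: a small stateful firewall that keeps a state table of TCP connections, drops segments belonging to no known connection, and reassembles inbound data in sequence order before matching a signature. The published port set, the pattern `../../` (standing in for the "dotdot" problem mentioned earlier on the page) and the sample addresses are assumptions made for the demonstration.

```python
from dataclasses import dataclass


@dataclass
class Segment:
    direction: str     # "in" = arriving from outside, "out" = sent by an inside host
    src: str
    sport: int
    dst: str
    dport: int
    flags: str         # "S" SYN, "SA" SYN/ACK, "A" ACK, "FA" FIN/ACK
    seq: int = 0       # sequence number of the first payload byte
    payload: bytes = b""


PUBLISHED_PORTS = {80}          # inside services outsiders may connect to (assumed)
SIGNATURES = [b"../../"]        # constructed pattern standing in for a "dotdot" signature


def stateless_scan(payloads):
    """What a per-packet filter sees: each payload is checked on its own."""
    return any(sig in p for p in payloads for sig in SIGNATURES)


class StatefulFirewall:
    def __init__(self):
        self.table = {}         # connection key -> state record

    @staticmethod
    def key(seg):
        # The same key identifies both directions of one connection.
        return tuple(sorted([(seg.src, seg.sport), (seg.dst, seg.dport)]))

    def process(self, seg) -> str:
        key = self.key(seg)
        conn = self.table.get(key)
        if seg.flags == "S":
            if seg.direction == "in" and seg.dport not in PUBLISHED_PORTS:
                return "drop"                       # unsolicited inbound connection attempt
            self.table[key] = {"state": "SYN_SENT", "pending": {}, "stream": bytearray(),
                               "next_in": seg.seq + 1 if seg.direction == "in" else None}
            return "accept"
        if conn is None:
            return "drop"                           # not part of any connection we have seen
        if seg.flags == "SA" and conn["state"] == "SYN_SENT":
            conn["state"] = "ESTABLISHED"
            if seg.direction == "in":
                conn["next_in"] = seg.seq + 1       # outside server's initial sequence number
            return "accept"
        if conn["state"] != "ESTABLISHED":
            return "drop"
        if seg.direction == "in" and seg.payload:
            # Reassemble inbound data in sequence order so a signature split across
            # segments (even ones arriving out of order) is still seen as a whole.
            conn["pending"][seg.seq] = seg.payload
            while conn["next_in"] in conn["pending"]:
                chunk = conn["pending"].pop(conn["next_in"])
                conn["stream"] += chunk
                conn["next_in"] += len(chunk)
            if any(sig in conn["stream"] for sig in SIGNATURES):
                conn["state"] = "BLOCKED"           # later segments of this connection are dropped
                return "drop"
        if "F" in seg.flags:
            self.table.pop(key, None)               # connection closing; forget its state
        return "accept"


OUT, IN = "203.0.113.7", "10.0.0.80"   # constructed outside client and inside web server


def split_attack_verdicts():
    """A request carrying the signature, split over two segments that arrive out of order."""
    fw = StatefulFirewall()
    segs = [
        Segment("in", OUT, 40000, IN, 80, "S", seq=1000),
        Segment("out", IN, 80, OUT, 40000, "SA", seq=5000),
        Segment("in", OUT, 40000, IN, 80, "A", seq=1001),
        Segment("in", OUT, 40000, IN, 80, "A", seq=1008, payload=b"/../x HTTP/1.0\r\n"),
        Segment("in", OUT, 40000, IN, 80, "A", seq=1001, payload=b"GET /.."),
        Segment("in", OUT, 40000, IN, 80, "FA", seq=1024),
    ]
    return [fw.process(s) for s in segs]


def unsolicited_verdicts():
    """Inbound segments that belong to no connection, or target a non-published port."""
    fw = StatefulFirewall()
    return [fw.process(Segment("in", OUT, 40001, "10.0.0.10", 22, "S", seq=1)),
            fw.process(Segment("in", OUT, 40002, IN, 80, "A", seq=1, payload=b"GET / HTTP/1.0\r\n"))]


if __name__ == "__main__":
    print("split attack:", split_attack_verdicts())
    print("unsolicited: ", unsolicited_verdicts())
    print("stateless sees signature:", stateless_scan([b"GET /..", b"/../x HTTP/1.0\r\n"]))
```

Neither segment of the split request contains `../../` on its own, so `stateless_scan` returns False; the stateful firewall only matches once the second segment fills the gap in the reassembled stream, and from then on the connection is blocked.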
3. Software Firewall
A software firewall is any firewall that is set up locally or on a cloud server. When it comes to
controlling the inflow and outflow of data packets and limiting the number of networks that can
be linked to a single device, they may be the most advantageous. But the problem with
software firewalls is that they are time-consuming.
4. Hardware Firewall
They also go by the name “firewalls based on physical appliances.” They guarantee that
malicious data is halted before it reaches the endangered network endpoint.
An application layer firewall can inspect and filter packets at any OSI layer, up to the
application layer. It has the ability to block specific content, and can also recognize when certain
applications and protocols (like HTTP, FTP) are being misused. In other words, application layer
firewalls are hosts that run proxy servers. A proxy firewall prevents a direct connection
between the two sides of the firewall; each packet has to pass through the proxy.
An NGFW combines deep packet inspection, application inspection, SSL/SSH inspection and many
other functions to protect the network from modern threats.
This kind of firewall filters communications at the application layer, and protects the network. A
proxy firewall acts as a gateway between two networks for a particular application.
This works at the session layer of the OSI model. It allows for the simultaneous setup of
two Transmission Control Protocol (TCP) connections. It can effortlessly allow data packets to
flow without using much computing power. These firewalls are ineffective because they
do not inspect data packets; if malware is found in a data packet, they will permit it to pass
provided that TCP connections are established properly.
Functions of Firewall
Every piece of data that enters or leaves a computer network must go via the firewall.
If the data packets are safely routed via the firewall, all of the important data remains
intact.
A firewall logs each data packet that passes through it, enabling the user to keep track
of all network activities.
Since the data is stored safely inside the data packets, it cannot be altered.
Every attempt to access our operating system is examined by our firewall, which also
blocks traffic from unidentified or undesired sources.
The firewall keeps changing and getting better because different people have been working on
it since the late 1980s to the mid-90s. Each person added new parts and improved versions of
the firewall before it became what we use in modern times. This means the firewall is always
evolving to become more effective and secure.
Jeff Mogul, Paul Vixie, and Brian Reid
In the late 1980s, Mogul, Reid, and Vixie worked at Digital Equipment Corp (DEC) on packet-
filtering technology. This tech became important for future firewalls. They started the idea of
checking external connections before they reach computers on an internal network. Some
people think this packet filter was the first firewall, but it was really a part of the technology
that later became true firewall systems.
Kshitiji Nigam, William Cheswick, David Presotto, Steven Bellovin, and Janardan Sharma
In the late 1980s to early 1990s, researchers at AT&T Bell Labs worked on a new type of firewall
called the circuit-level gateway. Unlike earlier methods, this firewall didn’t need to reauthorize
connections for each data packet but instead vetted and allowed ongoing connections. From
1989 to 1990, Presotto, Sharma, and Nigam developed this technology, and in 1991, Cheswick
and Bellovin continued to advance firewall technology based on their work.
Marcus Ranum
From 1991 to 1992, Ranum introduced security proxies at DEC, which became a crucial part of
the first application-layer firewall product. Known as the Secure External Access Link (SEAL)
product, it was based on earlier work by Reid, Vixie, and Mogul at DEC. SEAL marked the first
commercially available firewall, pioneering the way for enhanced network security through
application-level protection.
From 1993 to 1994, at Check Point, Gil Shwed and developer Nir Zuk made major contributions
to creating the first widely-used and easy-to-use firewall product called Firewall-1. Gil Shwed
pioneered stateful inspection technology, filing a U.S. patent in 1993. Following this, Nir Zuk
developed a user-friendly graphical interface for Firewall-1 in 1994. These innovations were
pivotal in making firewalls accessible and popular among businesses and homes, shaping their
adoption for years to come.
Importance of Firewalls
So, what does a firewall do and why is it important? Without protection, networks are
vulnerable to any traffic trying to access your systems, whether it’s harmful or not. That’s why
it’s crucial to check all network traffic.
When you connect personal computers to other IT systems or the internet, it opens up many
benefits like collaboration, resource sharing, and creativity. But it also exposes your network
and devices to risks like hacking, identity theft, malware, and online fraud.
Once a malicious person finds your network, they can easily access and threaten it, especially
with constant internet connections.
Using a firewall is essential for proactive protection against these risks. It helps users shield
their networks from the worst dangers.
A firewall serves as a security barrier for a network, narrowing the attack surface to a single
point of contact. Instead of every device on a network being exposed to the internet, all traffic
must first go through the firewall. This way, the firewall can filter and block non-permitted
traffic, whether it’s coming in or going out. Additionally, firewalls help create a record of
attempted connections, improving security awareness.
Parental Controls: Parents can use firewalls to block their children from accessing
explicit web content.
Workplace Web Browsing Restrictions: Employers can restrict employees from using
the company network to access certain services and websites, like social media.
Nationally Controlled Intranet: Governments can block access to certain web content
and services that conflict with national policies or values.
By allowing network owners to set specific rules, firewalls offer customizable protection for
various scenarios, enhancing overall network security.
Prevention of Malware and Other Threats: Firewalls can be set up to block traffic linked
to known malware or other security concerns, assisting in the defense against these kinds
of attacks.
Control of Network Access: By limiting access to specified individuals or groups for
particular servers or applications, firewalls can be used to restrict access to particular
network resources or services.
Monitoring of Network Activity: Firewalls can be set up to record and keep track of all
network activity.
Regulation Compliance: Many industries are bound by rules that demand the usage of
firewalls or other security measures.
Limited Visibility: Firewalls may not be able to identify or stop security risks that
operate at other levels, such as the application or endpoint level, because they can only
observe and manage traffic at the network level.
False Sense of Security: Some businesses may place an excessive amount of reliance on
their firewall and disregard other crucial security measures like endpoint security or
intrusion detection systems.
Limited Adaptability: Because firewalls are frequently rule-based, they might not be
able to respond to new security threats that no existing rule covers.
Limited Scalability: Because firewalls are only able to secure one network, businesses
that have several networks must deploy many firewalls, which can be expensive.
Limited VPN support: Some firewalls might not allow complex VPN features like split
tunneling, which could restrict the experience of a remote worker.
Cost: Purchasing many devices or add-on features for a firewall system can be
expensive, especially for businesses.
Conclusion
In conclusion, firewalls play a crucial role in safeguarding computers and networks. By
monitoring and controlling incoming and outgoing data, they help prevent unauthorized access
and protect against cyber threats. Using a firewall is a smart way to enhance security and
ensure a safer online experience for users and organizations alike.